Oracle has brought forward the timetable of an upcoming Java security update by two weeks in order to block off an in-the-wild security hole.

The update, originally scheduled for 19 February, was released a fortnight early on Friday because of "active exploitation 'in the wild' of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers".

The update covers 50 flaws, 49 of which are remotely exploitable. More than half (26) of the bunch carry the maximum Common Vulnerability Scoring System (CVSS) risk score of 10.

__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

1. Even if used on a second browser, wouldn't there still be a chance of compromising a system unless Java is run from a virtual machine or space?
2. Does anyone actually test the code for vulnerabilities or do they just wait until the shit hits the fan?
3. Considering that there may be many more holes, will they look through the entire code and fix it?